Widespread Email attack targets MS Office users with fake vaccine information
A new malware attack uses harmful emails and impersonates the US Department of Health & Human Services (HHS). The malicious email campaign includes fake COVID-19 information bundled with a malware downloader. if the user is tricked by the contents of the scam email their computer may be compromised with malware.
This cyberattack targets Microsoft Office 365 users according to cyber security researchers at Abnormal Security. The email display name and reply-to address are both spoofed to make it appear that the email was sent by HHS. The email also contains an official-looking HHS logo. The signature line contains an address for the Department of Health and Human Services, but it’s not correct.
- Saturday Sitrep: Coronavirus and Russian Botnets
- Chinese Hackers Launch Coronavirus Malware Attacks
- FormBook Malware Exploits Coronavirus Outbreak Fears
- Prepare to Work at Home During the Coronavirus Outbreak
All of these elements are designed to trick the reader into thinking that the email is an official communication with important vaccine information. The body of the email is meant to take advantage of peoples’ fears and hopes for a cure so they can return to pre-pandemic life.
COVID-19 Themed Cyber Attacks
Many COVID-19 related phishing emails and malware attacks impersonate official government sources. Messaging in these attacks frequently pretends to be from the World Health Organization, WHO, and the US Centers for Disease Control, CDC.
Like many other pandemic related phishing emails and malware attacks, the messaging in this cyberattack attempts to trick the user into thinking that the email attachment contains helpful COVID-19 related information.
in this case the spoofed HHS email as offers up fraudulent information about COVID-19 vaccines and testing updates. The reader is instructed to open the email attachment to get information about vaccines in their local area. The goal is to get the reader to click on the attachment and began a malware download to infect their computer.
Many Pandemic Themed Cyberattacks
In March The US Federal Bureau of investigations issued a service announcement warning the public about increasing COVID-19 related fraud, extortion, and phishing email attacks. Hackers wasted no time adjusting the messaging in their various cyberattacks to take advantage of people’s fears and need for information.
A Chinese Advanced Persistent Threat (APT) Group, known as Vicious Panda, launched its own specialized cyberattacks against highly targeted populations in Mongolia, Ukraine, Russia, and Belarus.
A month later, the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint advisory about the rapid increase in COVID-19 themed cyberattacks. The malicious cyber activity is the work of advanced persistent threat groups as well as other cybercriminals.